What's On The Horizon

Along with Kees Leune, the ISO at Adelphi University, I will be presenting, "When To Declare An Information Security Incident and How To Respond Once You Do" at the EDUCAUSE Security Professionals Conference April 15-17 in St. Louis. Details can be found here:
http://www.educause.edu/events/security-professionals-conference

My most recent contributions to the information security community are presentations on the philosophy of security and on information security incident response at the Idaho Fraud & High Tech Investigation Conference, November 2012.

Saturday, March 9, 2013

Privacy? Security?


I've read several articles recently that spoke to the difference between security and privacy.  I was confused, I've always thought of security and privacy as complementary concepts.  Privacy is often defined by quoting one of the Supremes--Brandeis--who said it is "the right to be left alone."  I think of it that way, too, but in more mundane terms, the right to decide who knows what about me.  In the age of Google, that is probably impossible, but that's a topic for another blog.

Security is a collection of tools or activities used to maintain privacy.  In my personal life that means using the free credit reports that are available, paying attention to the cookies that get set by websites, changing my passwords, and other stuff like that.  At work, I am responsible for ensuring that a bunch of information about students, faculty, and staff are kept private, yet available only to the people who need the information to act for the benefit of our constituents--managing financial aid, recording grades, paying people for their work.

Privacy is my goal.  Security is the route to reaching that goal.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)